When trying to sign an exe with the TrustedSigning@0 task in Azure Pipelines, I get a 403: "Error: SignerSign() failed." (-2147467259/0x80004005).
I can confirm the following:
]
}
Submitting digest for signing...
##[debug]Agent environment resources - Disk: D:\ Available 12492.00 MB out of 14333.00 MB, Memory: Used 1989.00 MB out of 7167.00 MB, CPU: Usage 3.97%
Unhandled managed exception
Azure.RequestFailedException: Service request failed.
Status: 403 (Forbidden)
Headers:
Date: Wed, 26 Jun 2024 14:26:02 GMT
Connection: keep-alive
Strict-Transport-Security: REDACTED
x-azure-ref: REDACTED
X-Cache: REDACTED
Content-Length: 0
at Azure.CodeSigning.CertificateProfileRestClient.SignAsync(String codeSigningAccountName, String certificateProfileName, SignRequest body, String xCorrelationId, String clientVersion, CancellationToken cancellationToken)
at Azure.CodeSigning.CertificateProfileClient.StartSignAsync(String codeSigningAccountName, String certificateProfileName, SignRequest body, String xCorrelationId, String clientVersion, CancellationToken cancellationToken)
at Azure.CodeSigning.Dlib.Core.DigestSigner.SignAsync(UInt32 algorithm, Byte[] digest, SafeFileHandle safeFileHandle, CancellationToken cancellationToken)
at Azure.CodeSigning.Dlib.Core.DigestSigner.Sign(UInt32 algorithm, Byte[] digest, SafeFileHandle safeFileHandle)
at AuthenticodeDigestSignExWithFileHandleManaged(_CRYPTOAPI_BLOB* pMetadataBlob, UInt32 digestAlgId, Byte* pbToBeSignedDigest, UInt32 cbToBeSignedDigest, Void* hFile, _CRYPTOAPI_BLOB* pSignedDigest, _CERT_CONTEXT** ppSignerCert, Void* hCertChainStore)
Error information: "Error: SignerSign() failed." (-2147467259/0x80004005)
SignTool Error: This file format cannot be signed because it is not recognized.
SignTool Error: An error occurred while attempting to sign: D:\a\_tasks\TrustedSigning_347b65f8-289b-4164-8663-6dea65cb0cc3\0.3.16\icon.png
SignTool Error: This file format cannot be signed because it is not recognized.
SignTool Error: An error occurred while attempting to sign: D:\a\_tasks\TrustedSigning_347b65f8-289b-4164-8663-6dea65cb0cc3\0.3.16\task.json
SignTool Error: An unexpected internal error has occurred.
##[debug]Leaving D:\a\_tasks\TrustedSigning_347b65f8-289b-4164-8663-6dea65cb0cc3\0.3.16\TrustedSigning.ps1.
##[debug]Caught exception from task script.
##[debug]Error record:
##[debug]SignTool failed with exit code 1
##[debug]At C:\Program Files\WindowsPowerShell\Modules\TrustedSigning\0.3.15\TrustedSigning.psm1:210 char:13
##[debug]+ throw "SignTool failed with exit code $($result)"
##[debug]+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
##[debug] + CategoryInfo : OperationStopped: (SignTool failed with exit code 1:String) [], RuntimeException
##[debug] + FullyQualifiedErrorId : SignTool failed with exit code 1
##[debug]
##[debug]Script stack trace:
##[debug]at Invoke-TrustedSigning, C:\Program Files\WindowsPowerShell\Modules\TrustedSigning\0.3.15\TrustedSigning.psm1: line 210
##[debug]at <ScriptBlock>, D:\a\_tasks\TrustedSigning_347b65f8-289b-4164-8663-6dea65cb0cc3\0.3.16\TrustedSigning.ps1: line 226
##[debug]at <ScriptBlock>, <No file>: line 1
##[debug]at <ScriptBlock>, <No file>: line 22
##[debug]at <ScriptBlock>, <No file>: line 18
##[debug]at <ScriptBlock>, <No file>: line 1
##[debug]Exception:
##[debug]System.Management.Automation.RuntimeException: SignTool failed with exit code 1
##[error]SignTool failed with exit code 1
##[debug]Processed: ##vso[task.logissue type=error]SignTool failed with exit code 1
##[debug]Processed: ##vso[task.complete result=Failed]
Finishing: Sign hello_world
I'm a bit concerned about why it is trying to sign the task.json and icon.png files...
Here is the pipeline YAML:
stages:
- stage: Build
  displayName: Build and Publish Artifact for later signing
  pool:
    vmImage: windows-latest
  jobs:
  - job: Build_And_Publish
    displayName: Build and Publish HelloWorld
    steps:
    - task: CMake@1
      displayName: CMake prep
      inputs:
        workingDir: build
        cmakeArgs: '..'
    - task: CMake@1
      displayName: CMake build
      inputs:
        workingDir: build
        cmakeArgs: '--build .'
    - task: CopyFiles@2
      displayName: Prepare for artifact storage
      inputs:
        contents: 'build\Debug\*'
        targetFolder: '$(Build.ArtifactStagingDirectory)'
    - task: TrustedSigning@0
      displayName: Sign hello_world
      inputs:
        AzureTenantID: 'XXX'
        AzureClientID: 'XXX'
        AzureClientSecret: 'XXX'
        Endpoint: 'https://eus.codesigning.azure.net/'
        CodeSigningAccountName: 'trusted-signing'
        CertificateProfileName: 'LeidosSESPublicTrustTest'
        FilesFolder: '$(Build.ArtifactStagingDirectory)'
        FilesFolderFilter: 'exe'
        FilesFolderRecurse: true
        FileDigest: 'SHA256'
        TimestampRfc3161: 'http://timestamp.acs.microsoft.com'
        TimestampDigest: 'SHA256'
Trusted Signing resource JSON:
{
  "id": "/subscriptions/XXX/resourceGroups/softops/providers/Microsoft.CodeSigning/codesigningaccounts/LeidosSESTrust",
  "name": "LeidosSESTrust",
  "type": "microsoft.codesigning/codesigningaccounts",
  "location": "eastus",
  "tags": {},
  "systemData": {
    "createdBy": "[email protected]",
    "createdByType": "User",
    "createdAt": "2024-05-28T15:22:45.554212Z",
    "lastModifiedBy": "[email protected]",
    "lastModifiedByType": "User",
    "lastModifiedAt": "2024-05-28T15:22:45.554212Z"
  },
  "properties": {
    "sku": {
      "name": "Basic"
    },
    "provisioningState": "Succeeded",
    "accountUri": "https://eus.codesigning.azure.net/"
  }
}
App registration manifest:
{
  "id": "XXX",
  "acceptMappedClaims": null,
  "accessTokenAcceptedVersion": null,
  "addIns": [],
  "allowPublicClient": true,
  "appId": "XXX",
  "appRoles": [],
  "oauth2AllowUrlPathMatching": false,
  "createdDateTime": "2024-06-26T12:01:43Z",
  "description": null,
  "certification": null,
  "disabledByMicrosoftStatus": null,
  "groupMembershipClaims": null,
  "identifierUris": [],
  "informationalUrls": {
    "termsOfService": null,
    "support": null,
    "privacy": null,
    "marketing": null
  },
  "keyCredentials": [],
  "knownClientApplications": [],
  "logoUrl": null,
  "logoutUrl": null,
  "name": "trusted-signing",
  "notes": null,
  "oauth2AllowIdTokenImplicitFlow": false,
  "oauth2AllowImplicitFlow": false,
  "oauth2Permissions": [],
  "oauth2RequirePostResponse": false,
  "optionalClaims": null,
  "orgRestrictions": [],
  "parentalControlSettings": {
    "countriesBlockedForMinors": [],
    "legalAgeGroupRule": "Allow"
  },
  "passwordCredentials": [
    {
      "customKeyIdentifier": null,
      "endDate": "2026-06-26T18:31:28.017Z",
      "keyId": "XXX",
      "startDate": "2024-06-26T18:31:28.017Z",
      "value": null,
      "createdOn": "2024-06-26T18:31:38.0827539Z",
      "hint": "QRa",
      "displayName": "trusted-signing"
    },
    {
      "customKeyIdentifier": null,
      "endDate": "2026-06-26T12:02:59.453Z",
      "keyId": "fba82768-03ad-4d92-a627-4b8aa8a80ed0",
      "startDate": "2024-06-26T12:02:59.453Z",
      "value": null,
      "createdOn": "2024-06-26T12:03:34.5485852Z",
      "hint": "34y",
      "displayName": "trusted-signing-secret"
    }
  ],
  "preAuthorizedApplications": [],
  "publisherDomain": "XXX.onmicrosoft.com",
  "replyUrlsWithType": [],
  "requiredResourceAccess": [
    {
      "resourceAppId": "XXX",
      "resourceAccess": [
        {
          "id": "eXXX",
          "type": "Scope"
        }
      ]
    }
  ],
  "samlMetadataUrl": null,
  "signInUrl": null,
  "signInAudience": "AzureADMultipleOrgs",
  "tags": [],
  "tokenEncryptionKeyId": null
}
Identity Validation Completed
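I have triple-checked the following settings, and they look correct to me:
Checked everything relevant found in this answer on another post:
For a 403, there are a few possible causes; please check/verify the following:
- Check the Trusted Signing role.
- Check the Trusted Signing account name and Trusted Signing certificate profile name in your metadata.json.
- Check the dlib and the dlib path.
- Install the C++ Redistributable:
- Check the .NET version, dlib version, and Windows SDK.
- Check that the Trusted Signing role has been assigned to the identity attempting to sign the file.
- Check that the corresponding identity validation is in "Completed" status.
- Verify whether you are accessing the Trusted Signing endpoint from the virtual machine or computer you are trying to sign on. Try performing the action on a different virtual machine or computer. This could be a potential network issue.
Tried everything listed under Troubleshooting on the VS Trusted Signing Marketplace page.
I posted a similar question in the VS Trusted Signing Marketplace Q&A.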
From the information you pasted, LeidosSESTrust is the account name ("xxxxxx/Microsoft.CodeSigning/codesigningaccounts/LeidosSESTrust"), but it is used as the profile name.
CodeSigningAccountName: 'trusted-signing'
CertificateProfileName: 'LeidosSESPublicTrustTest'
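A pre-flight check for the name comparison the answer above makes, written for this page as an added example (not code from the question, the answer, or the Trusted Signing project). It derives the account name from the resource id and compares it, together with accountUri, against the task inputs; the sample values are copied from the question and trimmed, and the function names are hypothetical.

```python
import json

# Constructed sample: account resource JSON and task inputs as posted in the question (trimmed).
RESOURCE_JSON = """
{
  "id": "/subscriptions/XXX/resourceGroups/softops/providers/Microsoft.CodeSigning/codesigningaccounts/LeidosSESTrust",
  "name": "LeidosSESTrust",
  "type": "microsoft.codesigning/codesigningaccounts",
  "properties": {"accountUri": "https://eus.codesigning.azure.net/"}
}
"""
TASK_INPUTS = {
    "Endpoint": "https://eus.codesigning.azure.net/",
    "CodeSigningAccountName": "trusted-signing",
    "CertificateProfileName": "LeidosSESPublicTrustTest",
}
ACCOUNT_TYPE = "microsoft.codesigning/codesigningaccounts"


def account_name_from_id(resource_id):
    """Return the last segment of an ARM id if it names a code signing account, else None."""
    parts = [p for p in resource_id.split("/") if p]
    # ARM ids end with .../providers/<namespace>/<type>/<name>
    if len(parts) >= 3 and "/".join(parts[-3:-1]).lower() == ACCOUNT_TYPE:
        return parts[-1]
    return None


def preflight(inputs, resource):
    """Compare the task inputs with the account resource and return a list of findings."""
    findings = []
    account = account_name_from_id(resource.get("id", "")) or resource.get("name")
    configured = inputs.get("CodeSigningAccountName", "")
    # Exact comparison (assumption: the name must match the resource as written).
    if configured != account:
        findings.append(f"CodeSigningAccountName is {configured!r}, resource account is {account!r}")
    if inputs.get("CertificateProfileName") == account:
        findings.append("CertificateProfileName holds the account name, not a profile name")
    uri = resource.get("properties", {}).get("accountUri", "")
    if inputs.get("Endpoint", "").rstrip("/").lower() != uri.rstrip("/").lower():
        findings.append(f"Endpoint {inputs.get('Endpoint')!r} differs from accountUri {uri!r}")
    return findings


def check_posted_config():
    return preflight(TASK_INPUTS, json.loads(RESOURCE_JSON))


if __name__ == "__main__":
    for line in check_posted_config():
        print("MISMATCH:", line)
```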